[WSIT-1540] Metadata/MetadataSection/Location element not properly handled Created: 15/Mar/11  Updated: 16/Jan/13

Status: Open
Project: wsit
Component/s: mex
Affects Version/s: 2.1
Fix Version/s: None

Type: Bug Priority: Major
Reporter: iotto Assignee: symonchang
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: metro2_2-waived, metro2_3-exclude

 Description   

From WS-MetdataExchange Version 1.1:

/mex:Metadata/mex:MetadataSection/mex:Location
This contains a URL to metadata, and the metadata MUST be retrievable from that URL using the primary access mechanism for the scheme of the URL. For example, for an HTTP URL, the metadata MUST be retrievable by sending an HTTP GET request to the URL. When this element is present, it MUST have no element siblings.

Metro does a WS-Transfer Get operation instead of an HTTP GET.

In the case of a .NET WIF STS with staticly hosted WSDL, the mex call returns:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<a:Action s:mustUnderstand="1" xmlns:a="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse</a:Action>
<a:RelatesTo xmlns:a="http://www.w3.org/2005/08/addressing">uuid:778b135f-3fdf-44b2-b53e-ebaab7441e40</a:RelatesTo>
</s:Header>
<s:Body>
<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
<wsx:MetadataSection Dialect="http://schemas.xmlsoap.org/wsdl/" xmlns="">
<wsx:Location>https://thirdparty.authentication.business.gov.au/R3.0/vanguard/S007v1.1/Service.svc?wsdl</wsx:Location>
</wsx:MetadataSection>
</Metadata>
</s:Body>
</s:Envelope>

In com.sun.xml.ws.mex.client.MetadataClient.java, getServiceInformation uses retrieveMetadata to retrieve the metadata at the Location which fails as it is performing WS-Transfer Get operation instead of an HTTP GET.



 Comments   
Comment by ritzmann [ 21/Mar/11 ]

Jiandong, could you please evaluate this issue?

Comment by symonchang [ 16/Jan/13 ]

This is not a WSIT security problem, and should be fixed by WS-MetdataExchange side.

Generated at Sat Feb 13 13:45:35 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.